Blog entries from the computer science and media faculty at HdM

Wanted: Female Professors!

System Thinking and Architecture

Renovating a historic building these days teaches you a lot about system thinking. And as in software development, there are many different opinions and little empirical data. I hope to expand on our experiences made in the last 8 years.

(Hopi image: Edward S. Curtis [Public domain], via Wikimedia Commons) I remember reading Benjamin Lee Whorf's famous book on language, thinking and perception of reality and being quite impressed by his discoveries in the Hopi language and culture. Later his methods were seriously questioned and rejected. But in my mind his theory on how the structure of our language influences our thinking prevailed. Now, Lera Boroditsky wrote How Does Our Language Shape The Way We Think. And it looks like things have changed a bit...

(table from Brougham's paper). As part of our master journal club we read a little piece by Greg Brougham on Cynefin, the famous framework covering the ordered and unordered world. And while Cynefin is interesting in itself, I was reading the "Book of Why" by Judea Pearl at the same time and noticed something: The do-calculus by Pearl is geared toward understanding causal relations between things. It is based on intervention. The Cynefin framework goes from "sensing" in the ordered domain towards "probe or act, sense, respond" in the complex and chaotic domain. Well, I guess detecting causality IS deeply connected with doing or acting in every case that is not already well-known. More on the do-calculus in a later article.

On a sideline: I watched a talk by John Snowden, one of the inventors of Cynefin, at the Domain-Driven-Conference Amsterdam 2018 and he made a little remark that shocked me: When he talked about evolutionary mechanisms in the context of complexity, he mentioned a talk he gave to US upper management in Texas. And he was asked to NOT MENTION EVOLUTION, as it might hurt attendees. More than 50% of US citizens seem to deny evolution as a principle of nature. Many years ago I thought that we had left religion as a major problem of the future behind us. I was wrong. Humanity is far from accepting scientific thinking.

Just my kind of article that Marc Brooker wrote about stories and Little's law. I use stories a lot more than mathematical formulas for two reasons: stories are kind of intuitive and they tend to stick in people's memory. Little's law says that the number of requests in a queuing system at any time can be calculated by multiplying the arrival rate by the average time spent in the system.

LL can be used for capacity calculations or it can be used to think more about the dependencies in your system. What does "mean concurrency" mean? How spiky is your arrival rate? How much variation is in your processing time? Just painting a diagram of your queues and processing elements gives a chance to mentally change parameters and behavior. What do we need to measure? Should we abort new requests and when should we do so? Should we delay requests which were processed really fast? (Think about your clients' behavior in this case.) Should we try to make all requests equally long? When we have many concurrent requests in processing, what does this mean for contention?

I know Peter Bailis from his excellent work on eventual consistency in NoSQL databases and his clear explanations of isolation levels in RDBMS. From my lecture in distributed systems I know that isolation levels are still a mystery for many developers. A dangerous mystery. Bailis shows that e.g. a missing "read for update" in MVCC systems (like Oracle) or a cheap "read committed" instead of "serializable" allows for a clever attack vector: A DB is put under load and then concurrent transactions from the same account are performed. These TAs read the same values and write the results based on those values. Not locking the "read" during concurrent TAs can cause lost-update effects.
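The lost-update effect described above, as an added example that is not part of the original post or of Bailis' work: two sessions read the same balance and both write a result based on it, first without and then with a lock taken before the read. SQLite is used as an assumed stand-in so the code runs offline; its `BEGIN IMMEDIATE` plays the role that `SELECT ... FOR UPDATE` or a serializable transaction plays in an MVCC database, and the `account` table and its values are constructed.

```python
import os
import sqlite3
import tempfile

# Constructed sample data: one account (id 1) with a balance of 100.
def make_db():
    path = os.path.join(tempfile.mkdtemp(), "accounts.db")
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE account (id INTEGER PRIMARY KEY, balance INTEGER)")
    con.execute("INSERT INTO account VALUES (1, 100)")
    con.commit()
    con.close()
    return path

def connect(path):
    # isolation_level=None: no implicit transactions; timeout=0: fail
    # immediately instead of waiting when another session holds the lock.
    return sqlite3.connect(path, isolation_level=None, timeout=0)

def balance(con):
    return con.execute("SELECT balance FROM account WHERE id = 1").fetchall()[0][0]

def set_balance(con, value):
    con.execute("UPDATE account SET balance = ? WHERE id = 1", (value,))

def unlocked_withdrawals(path, amount):
    """Two sessions read first and write later, with no lock on the read."""
    a, b = connect(path), connect(path)
    seen_a, seen_b = balance(a), balance(b)   # both see the same balance
    granted = 0
    for con, seen in ((a, seen_a), (b, seen_b)):
        if seen >= amount:                    # check uses the stale read
            set_balance(con, seen - amount)   # second write overwrites the first
            granted += 1
    final = balance(a)
    a.close(); b.close()
    return granted, final

def locked_withdrawals(path, amount):
    """Same interleaving, but the write lock is taken before the read."""
    a, b = connect(path), connect(path)
    a.execute("BEGIN IMMEDIATE")              # lock first, then read
    seen_a = balance(a)
    try:
        b.execute("BEGIN IMMEDIATE")          # second session cannot start
        b_had_to_wait = False
    except sqlite3.OperationalError:
        b_had_to_wait = True
    granted = 0
    if seen_a >= amount:
        set_balance(a, seen_a - amount)
        granted += 1
    a.execute("COMMIT")
    b.execute("BEGIN IMMEDIATE")              # retry after the first commit
    seen_b = balance(b)                       # sees the committed balance
    if seen_b >= amount:
        set_balance(b, seen_b - amount)
        granted += 1
    b.execute("COMMIT")
    final = balance(a)
    a.close(); b.close()
    return granted, final, b_had_to_wait

if __name__ == "__main__":
    print("unlocked:", unlocked_withdrawals(make_db(), 80))
    print("locked:  ", locked_withdrawals(make_db(), 80))
```

In the unlocked run both withdrawals of 80 are granted against a balance of 100 and the ledger still shows 20, which is the signal to look for when auditing: more value paid out than the balance change accounts for.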

I have long stopped preaching the traditional IT-Sec gospel of software-updates, patching and IDS. Instead, my focus is on damage reduction as there is no way to prevent successful attacks on Intranets. Google is doing it right with "beyondcorp" and the example from nPetya shows nicely how today's IT environment invites malware attacks e.g. through "supply-chain attacks". WIRED magazine just published the story of nPetya from the perspective of MAERSK - the global shipping and port company. Here, external vendors are compromised and IoT devices download malware from those vendors. The WIRED article is very nice to read but only covers the results of the attack. But between the lines it is proof for what Robert Graham says in his paper above: the true problem is the lack of segmentation. He shows that the malware spread laterally through Intranets (mimikatz for MS-networks) using abundantly available local admin rights. It was not a lack of patching ETERNALBLUE, it was the absolute lack of damage reduction techniques in Intranets given the sorry state of security in the world's most used operating system. Segmentation can reduce lateral spreading, but it is rarely used due to domain trust relationships in Intranets.

Just a side note: have you ever wondered why NIC based firewalls never took off? They have very easy rules due to the fact that they have to protect only one machine and not a full DMZ? They are harder to attack from the host (unlike host-based firewalls).

Update on the traffic measurement project

We are making progress on our traffic measurement project. The intention is to have a cheap and easy solution that allows citizens to measure the traffic flow in their region. Noise, type of vehicle and other parameters are measured. A group of four students at HdM built a prototype system and a model for display. Currently we are using ultrasound sensors but we might use LIDAR in the near future as well. Trucks are identified through a sensor pair mounted higher than the ones for cars. The loudness helps to distinguish small delivery vehicles like the Sprinter from Daimler.

In fall, two bachelor theses will tackle some more problems like using LIDAR and machine learning e.g. to create a fingerprint of vehicles for tracking.

The project might be even more relevant as the EU is now tightening the screws about traffic noise too. The regulations for noise measurement somehow remind me of the way fine dust and NO2 pollution are measured in cars. Once I am through with the law and regulations regarding traffic noise, I will post what I have learned.

Dr. Scheffold speaks after almost 40 years of software development with authority, when he talks about hypes and buzzwords dominating good software practice. When is "flexibility" an anti-pattern instead of a good thing? At least when it really means sloppily programmed classes which do not enforce their constraints. He also gives a nice example that caused real problems in production. He urges us to stay away from mere hype and hone our abilities in robust software development.

On a sideline: My colleague Prof. Roland Schmitz talked at our GDPR event about the new TLS3.0 and what it changed. And it looks like it did right to dispose of dangerous protocol downgrade options in older protocols like SSL. When flexibility introduces non-determinisms or attack vectors it surely has turned into an anti-pattern.

Todd Hoff quoted a book which claims that physics got blinded by mathematical beauty and lost its connection to reality. And he asked whether this could be the case for software development as well. Well, this is wrong. We don't do reality (aka empirical verification). Read on.

In our journal club we were dealing first with homomorphic encryption (really hard...), then with elliptic curve crypto (not so hard), and with the question raised about the effects of quantum computing on encryption we landed right in Shor's algorithm. Some good papers and especially videos made the topic a bit more clear and brought some surprising results. Read on.

Why is digital transformation the core topic for an Interaction Day? Shouldn't we talk about pixels, UI and UX on such a day? Learn about the fast change that is happening in Germany's industry and which affects the way we work deeply. It looks like the industry did read the papers on corporate culture and agility from Netflix, Spotify and others very carefully and is now trying to speed up development using some of the organizational and/or software architectures from the Silicon Valley unicorns.

On April 13th Prof Borwardt will hold a talk on Big Data at the University of Esslingen. It starts at 16.00 at Flandernstr. 101, room H4. I am looking forward to the latest research on big data from a well-known expert.

Frequently over the last couple of years I had a tummy feeling that we should look more carefully at byzantine protocols for consensus instead of always depending on a simple fail-stop error model. A discussion of Byzantine protocols in the context of blockchain systems raised some interesting questions on conspiracy and control by external entities.

This is an idea for a summer term software project or a thesis. Measuring traffic usually requires expensive devices and is therefore very hard to achieve for small groups of citizens. Cities and villages have little interest in gathering those data, as they could lead to increased awareness, e.g. by discovering massive toll avoidance or nightly truck traffic. Sound level meters are available, but they are usually standalone devices, expensive and do not work with Linux. Counting and categorizing traffic is beyond them. Read on to learn about the requirements.

Another reflection on one of my courses, this time over a longer period of time. The forces that made me change it into a largely theoretical lecture are described and a short overview of the developments in distributed systems is given.

A short note on experiences made with a so-called journal club where a small group of students and a lecturer read the same papers and discuss them in a seminar. A very lightweight form of class with surprising benefits for both lecturers and students. Learn about the benefits and how to run a journal club.

A short note on experiences made with flipped learning in a course on concurrency and parallelism. Turns out that many students profit from micro-exams because they realize their reading deficits quite clearly.

A special type of lecture that won the University teaching prize in 2017 (unfortunately the description is in German and I didn't have the time to translate it yet). And a big thanks to Verena Kersken for helping me with the presentation!

Note

Dr. Frisch of IBM Böblingen will give a talk on quantum computing at IBM on 21 June 2017 at HdM, 17.45-19.00. Stay tuned for more information. Some really interesting questions come to mind: will QC wipe out existing security algorithms? Are there algorithms which are resistant? How are QC specialists dealing with quantum effects like entanglement? What other areas will be affected by QC? A short intro.

How do you get the necessary data from social networks in an automated way? The workshop will present our work on a social bot and gather ideas for further tool development to support research in social media. Anybody can attend.

A very interesting talk about 3D-printing of organic components, the innovative organization behind it and its future uses. Also a bit on CRISPR - the DNA manipulation tool that might get someone a Nobel Prize soon.

Well, is e-mobility dead or what? What are the current problem areas and what kind of solutions are companies developing right now e.g. with respect to intelligent charging? Are e-cars economically feasible for companies? Can you go across Germany with an e-car? Learn more about e-mobility at our first E-Mobility Day at HdM with talks from Fraunhofer IAO, Vector Informatik and BridgingIT.

Indie development, new gesture recognition interfaces, multiplayer technology, asset creation for virtual reality and of course: lots of demos and previews at our next games day.

Note

Friday 12. June, 13.30 - 19.00 at HdM, room 056. A live stream with chat is provided. As always, the event is free of charge and open to the interested public. Directions can be found at the hdm homepage.

Still our most important tool - the programming language, is undergoing drastic changes. New paradigms are introduced, new languages pop up almost every week. What makes a good language in Internet times? Fit to support agile development, continuous delivery and increasing demands for security and usability. Learn about new developments in our first language day. The next one in the winter will probably cover Javascript, C# and Rust/Dust/D.

Note

Friday 10th April, 13.30-17.30 at HdM, room 56. A live stream with chat is provided. As always, the event is free of charge and open to the interested public. Directions can be found at the hdm homepage.

In this post-Snowden era we are taking a close look at secure software, critical infrastructures and ways to conquer the threats to critical infrastructures and individual exposures. Specialists from 1&1, Bosch and mpc are joining us for this long overdue event.

Note

Friday 16th January, 13.30-17.30 at HdM, room 56. A live stream with chat is provided. As always, the event is free of charge and open to the interested public. Directions can be found at the hdm homepage.

A bit more technical than the last ones, this games day will deal with advanced concepts in realtime lighting, physically based rendering, games on smart watches and artificial intelligence in games.

Note

Friday 9th January, 13.30-19.15 at HdM, room 56. A live stream with chat is provided. As always, the event is free of charge and open to the interested public. Directions can be found at the hdm homepage.

It was about time for a repeat of our Developer Days at HdM. This time we will have three talks about software design, architecture and frameworks for successful enterprise software. All based on many years of practical experience with difficult decisions regarding designs. Join us for this interesting session. Developers, architects, consultants and project managers as well as members with academic background welcome!

Note

Friday 7th July, 13.30-17.15 at HdM, room 11 (please note that the room has changed!). A live stream with chat is provided. As always, the event is free of charge and open to the interested public. Directions can be found at the hdm homepage.

Is the future of games in virtual reality? What is the current state of VR? How does it feel to play a game made for the Oculus Rift? (In case you don't own one: how about building your own? Take a look at the latest gadget from Google I/O.) How does it feel to develop a game for virtual reality? Get some background information and practical know-how at this games day. And discuss your vision of the future with us. Please notice the change in the agenda: we'll let you watch another game at the end (:-)

Note

Friday 4th July, 13.30-16.45 at HdM, room 56. A live stream with chat is provided. As always, the event is free of charge and open to the interested public. Directions can be found at the hdm homepage.

Get a better understanding of your visitors! Learn how to collect and analyse behavioral data. Meet tool vendors and users of analytic tools and learn how to test your business profile.

What can you learn from looking at search requests leading to your platform? You are running YouTube videos - did they help to increase the number of visitors? There are many things you can learn from analysing the behavioral data of your visitors. But before you can do so, you must collect the data and learn to use the tools needed for analysis and reporting. They are a must for a successful site or blog. In case you are just a user of internet sites, you can get a better understanding of data collection on the web and why it is - to a certain degree - absolutely necessary for sites.

Note

Friday 23rd April, 13.30-16.45 at HdM, room 56. A live stream with chat is provided. As always, the event is free of charge and open to the interested public. Directions can be found at the hdm homepage.

Talks and discussions on current legal affairs around the Internet. Intellectual property rights, especially software patents, the NSA and Anonymous and last but not least the Redtube streaming scandal. In all these cases, technological opportunities meet economic stakeholders on the battle field of laws and legal actions. And not every technology is legal and not every legal claim is justified.

Note

Friday 25th April, 13.30-16.45 at HdM, room 56. A live stream with chat is provided. As always, the event is free of charge and open to the interested public. Directions can be found at the hdm homepage.

It's all about speed: how to build fast and responsive web applications, quick application design within the browser and last but not least the realtime and peer-to-peer features of the new WebRTC standard. The 7th webday at HdM lets you meet with experts in those areas and extend your knowledge of HTML5.

Note

Friday 10th January, 13.30-16.45 at HdM, room 56. A live stream with chat is provided. As always, the event is free of charge and open to the interested public. Directions can be found at the hdm homepage.

Note

This week I realized that splitting up requests into tens or hundreds of subrequests is still a rather hard problem, due to the long-tail distribution of response times. A portal is a typical fan-out architecture. In 1999 I found some solutions for fan-out like controlled backends, replication and incomplete (tainted) requests. Google of course goes much further today.

Strictly timed requests, distributed loads and a close look at everything from the CPU over network buffers, data structures in memory etc. are in the toolbox.

You think milliseconds is fast? Think again. Think about putting algorithms into FPGAs. Think about creating algorithms that fit into L1 caches. Algorithms which do not need much memory and which do not touch data more than once. Learn about the use of one-pass algorithms from HFT. And start thinking about all the places in our computing infrastructure, where latency hides.

Is the Internet a good model for power grids? What can energy engineering learn from IT and what should it better do in its own ways? Which patterns work in both areas? What makes a robust solution? This is a short talk on some ideas gained from the Smart Grids Week in Salzburg this year. Cultural and technical aspects are covered in my talk on Blackout - on the role of IT in Smart Energy Grids.

Note

Wednesday 27th November, 17.45 at HdM, room 011. As always, the event is free of charge and open to the interested public. Directions can be found at the hdm homepage.

Experiences with Model-Driven Architecture in a large Project

Christian Teutrine, Senior Managing Consultant with Global Business Services, IBM will give a talk on practical experiences with MDA, made in a large project which took 7.5 years from the concept phase to the go-live. 80% of the code had been generated. Mr. Teutrine had the role of a business lead architect in this project, and in his talk, he will look at it from a business architecture point of view: How does MDA influence the contractual situation? The project management? Can agile methods be used with MDA? How well does it work over the years? What if off-shore employees join the project?

This talk is a rare chance to get first-hand experience on the interplay between business and technical aspects in a really large project. It is not so much a technical talk.

Note

Wednesday 4th December, 19.30 at HdM, room 041. Live streaming can be found at events.mi.hdm-stuttgart.de. As always, the event is free of charge and open to the interested public. Directions can be found at the hdm homepage.

How does Amazon know what we want? Learn about advanced recommender systems which use clever algorithms to match users and items. See how math and computer science shape modern marketing.

Note

Friday 29th November, 14.00 - 17.00 at HdM, room 56. A live stream with chat is provided. As always, the event is free of charge and open to the interested public. Directions can be found at the hdm homepage.

It was more than time for a re-structuring and renovation of my site. I considered changing to WordPress but finally decided to stick with my xml-based generative approach. But instead of generating my own navigation I am now using CSS3 (without any JavaScript) for it. Now comes content cleanup...